Back to skill

Security audit

Nimble Web Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Nimble web-search wrapper that sends search queries and a user-provided API key to Nimble's external API.

Install this only if you intend to use Nimble's external search API. Use a dedicated revocable API key, avoid sending secrets or confidential project details in search queries, and be cautious with optional deep search or local caching because results may contain sensitive URLs or extracted content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs users to execute shell commands and wrapper scripts, but the manifest does not declare corresponding permissions/capabilities. This creates a transparency and governance gap: hosts or users may not realize the skill depends on shell execution, increasing the chance of unsafe adoption or policy bypass in environments that rely on declared permissions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script inspects environment variables to identify the host platform and transmits that value in the X-Nimble-Request-Origin header to the external API. This is not necessary to perform a web search and creates avoidable telemetry about the user’s tooling environment, increasing privacy risk and enabling vendor-side fingerprinting.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation guidance is very broad ('searching for information', 'researching topics', 'getting latest real-time data'), which overlaps with many common user requests. Over-broad triggers can cause the agent to invoke this third-party web-search skill unnecessarily, sending user queries externally more often than intended and increasing privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation describes sending search requests to the Nimble Search API but does not prominently warn that user queries, filters, domains, and possibly retrieved content are transmitted to an external third party. Without this disclosure, users may unknowingly expose sensitive prompts, research topics, or proprietary data to an outside service.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The examples encourage sending arbitrary search queries and a bearer API key to a third-party service without a prominent warning that user inputs and potentially sensitive research terms leave the local environment. In an agent-skill context, this can cause unintentional disclosure of confidential prompts, internal project names, or other sensitive data to an external provider.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation encourages deep_search to retrieve full page content and later shows local caching patterns, but it does not warn users that fetched content may include personal, copyrighted, or otherwise sensitive material. This can lead users to collect and retain more data than necessary, increasing privacy, compliance, and data-handling risk.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The document encourages saving, archiving, and building knowledge bases from extracted third-party content, but it does not warn about privacy, contractual, or copyright constraints when storing scraped research data. In a web-search skill that can extract and persist external content at scale, this omission can lead users or downstream agents to retain sensitive or restricted material without appropriate review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends the user-supplied query, along with platform metadata, to a third-party service without any explicit runtime notice or consent mechanism. In an agent-skill context, queries may contain sensitive project, code, or research information, so silent transmission to an external vendor can expose confidential data.

External Transmission

Medium
Category
Data Exfiltration
Content
**kwargs
        }

        response = requests.post(self.base_url, json=data, headers=headers)
        response.raise_for_status()
        return response.json()
Confidence
90% confidence
Finding
requests.post(self.base_url, json=

External Transmission

Medium
Category
Data Exfiltration
Content
API_URL="https://nimble-retriever.webit.live/search"

# Make API request with tracking headers
curl -s -X POST "$API_URL" \
    -H "Authorization: Bearer $NIMBLE_API_KEY" \
    -H "Content-Type: application/json" \
    -H "User-Agent: nimble-agent-skill/$SKILL_VERSION" \
Confidence
94% confidence
Finding
curl -s -X POST "$API_URL" \ -H "Authorization: Bearer $NIMBLE_API_KEY" \ -H "Content-Type: application/json" \ -H "User-Agent: nimble-agent-skill/$SKILL_VERSION" \ -H "X-Client-Source

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.